Vadim Bendebury has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41100 )
Change subject: security: tcg-2.0: Improve error response handling, fix Cr50 boot mode ......................................................................
Patch Set 1:
(2 comments)
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... File src/security/tpm/tss/tcg-2.0/tss_marshaling.c:
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... PS1, Line 591: if (tpm2_static_resp.hdr.tpm_size != ibuf_nr_read(ib)) why not keep this check, just without the above line, will allow to avoid using the hardcoded header size?
https://review.coreboot.org/c/coreboot/+/41100/1/src/security/tpm/tss/tcg-2.... PS1, Line 556: ibuf_nr_read(ib) == resp->hdr.tpm_size
we shouldn't require this. […]
If I understand this correctly this just checks that the header size field matches the packet size, which should be correct, payload or no payload.
But this could be checked before this function is invoked.